Menu
Manage authentication and user operations in Supabase. Use for sign up, sign in, sign out, password resets, and user management.
Perform database operations (CRUD) on Supabase tables using the REST API. Use for querying, inserting, updating, and deleting data in your Supabase database.
Deploy and manage Supabase Edge Functions. Use for invoking serverless functions, deploying new functions, and managing function deployments.
Subscribe to realtime changes in Supabase using WebSocket connections. Use for listening to database changes, presence tracking, and broadcast messaging.
Manage file storage operations in Supabase Storage. Use for uploading, downloading, listing, and deleting files in buckets.
| name | supabase-auth |
| description | Manage authentication and user operations in Supabase. Use for sign up, sign in, sign out, password resets, and user management. |
This skill provides authentication and user management operations through the Supabase Auth API. Supports email/password authentication, session management, user metadata, and password recovery.
Required environment variables:
export SUPABASE_URL="https://your-project.supabase.co"
export SUPABASE_KEY="your-anon-or-service-role-key"
Helper script: This skill uses the shared Supabase API helper. Make sure to source it:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
Basic email/password signup:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
supabase_post "/auth/v1/signup" '{
"email": "user@example.com",
"password": "securepassword123"
}'
Signup with user metadata:
supabase_post "/auth/v1/signup" '{
"email": "user@example.com",
"password": "securepassword123",
"data": {
"first_name": "John",
"last_name": "Doe",
"age": 30
}
}'
Auto-confirm user (requires service role key):
# Note: Use SUPABASE_KEY with service_role key for this
supabase_post "/auth/v1/signup" '{
"email": "user@example.com",
"password": "securepassword123",
"email_confirm": true
}'
Email/password login:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
response=$(supabase_post "/auth/v1/token?grant_type=password" '{
"email": "user@example.com",
"password": "securepassword123"
}')
# Extract access token
access_token=$(echo "$response" | jq -r '.access_token')
refresh_token=$(echo "$response" | jq -r '.refresh_token')
echo "Access Token: $access_token"
echo "Refresh Token: $refresh_token"
Response includes:
access_token - JWT token for authenticated requestsrefresh_token - Token to get new access token when expireduser - User object with id, email, metadataexpires_in - Token expiration time in secondsRetrieve user info with access token:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
# Set your access token from login
ACCESS_TOKEN="eyJhbGc..."
curl -s -X GET \
"${SUPABASE_URL}/auth/v1/user" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${ACCESS_TOKEN}"
Update user metadata:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
ACCESS_TOKEN="eyJhbGc..."
curl -s -X PUT \
"${SUPABASE_URL}/auth/v1/user" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"data": {
"first_name": "Jane",
"avatar_url": "https://example.com/avatar.jpg"
}
}'
Update email:
curl -s -X PUT \
"${SUPABASE_URL}/auth/v1/user" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"email": "newemail@example.com"
}'
Update password:
curl -s -X PUT \
"${SUPABASE_URL}/auth/v1/user" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"password": "newsecurepassword123"
}'
Sign out user (invalidate refresh token):
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
ACCESS_TOKEN="eyJhbGc..."
curl -s -X POST \
"${SUPABASE_URL}/auth/v1/logout" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${ACCESS_TOKEN}"
Get new access token using refresh token:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
REFRESH_TOKEN="your-refresh-token"
supabase_post "/auth/v1/token?grant_type=refresh_token" '{
"refresh_token": "'"${REFRESH_TOKEN}"'"
}'
Send password reset email:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
supabase_post "/auth/v1/recover" '{
"email": "user@example.com"
}'
Reset password with recovery token:
# This is typically done through email link
# The recovery token comes from the email link
RECOVERY_TOKEN="token-from-email"
curl -s -X PUT \
"${SUPABASE_URL}/auth/v1/user" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${RECOVERY_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"password": "newpassword123"
}'
Resend email verification:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
supabase_post "/auth/v1/resend" '{
"type": "signup",
"email": "user@example.com"
}'
Get all users (requires service role key):
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
# Make sure SUPABASE_KEY is set to service_role key
supabase_get "/auth/v1/admin/users"
Paginated user list:
# Get users with pagination
supabase_get "/auth/v1/admin/users?page=1&per_page=50"
Retrieve specific user (requires service role key):
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
USER_ID="user-uuid-here"
supabase_get "/auth/v1/admin/users/${USER_ID}"
Create user without email confirmation:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
supabase_post "/auth/v1/admin/users" '{
"email": "admin-created@example.com",
"password": "securepassword123",
"email_confirm": true,
"user_metadata": {
"first_name": "Admin",
"last_name": "Created"
}
}'
Update user as admin:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
USER_ID="user-uuid-here"
curl -s -X PUT \
"${SUPABASE_URL}/auth/v1/admin/users/${USER_ID}" \
-H "apikey: ${SUPABASE_KEY}" \
-H "Authorization: Bearer ${SUPABASE_KEY}" \
-H "Content-Type: application/json" \
-d '{
"email": "updated@example.com",
"user_metadata": {
"role": "admin"
}
}'
Delete user account:
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
USER_ID="user-uuid-here"
supabase_delete "/auth/v1/admin/users/${USER_ID}"
#!/bin/bash
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
# Login
response=$(supabase_post "/auth/v1/token?grant_type=password" '{
"email": "user@example.com",
"password": "password123"
}')
# Extract tokens
access_token=$(echo "$response" | jq -r '.access_token')
refresh_token=$(echo "$response" | jq -r '.refresh_token')
user_id=$(echo "$response" | jq -r '.user.id')
# Store in environment or file for subsequent requests
export SUPABASE_ACCESS_TOKEN="$access_token"
export SUPABASE_REFRESH_TOKEN="$refresh_token"
export SUPABASE_USER_ID="$user_id"
echo "Logged in as user: $user_id"
source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/supabase-api.sh"
# Note: This requires service role key and admin endpoint
email="check@example.com"
users=$(supabase_get "/auth/v1/admin/users")
exists=$(echo "$users" | jq --arg email "$email" '.users[] | select(.email == $email)')
if [[ -n "$exists" ]]; then
echo "User exists"
else
echo "User does not exist"
fi
# Tokens are JWTs - you can decode them (requires jq)
ACCESS_TOKEN="eyJhbGc..."
# Decode payload (base64)
payload=$(echo "$ACCESS_TOKEN" | cut -d. -f2 | base64 -d 2>/dev/null)
echo "$payload" | jq '.'
# Check expiration
exp=$(echo "$payload" | jq -r '.exp')
now=$(date +%s)
if [[ $now -gt $exp ]]; then
echo "Token expired"
else
echo "Token valid"
fi
Common error responses:
| Status | Error | Meaning |
|---|---|---|
| 400 | Invalid login credentials | Wrong email or password |
| 400 | User already registered | Email already exists |
| 401 | Invalid token | Access token expired or invalid |
| 422 | Validation error | Invalid email format or weak password |
| 429 | Too many requests | Rate limit exceeded |
if response=$(supabase_post "/auth/v1/token?grant_type=password" '{...}' 2>&1); then
echo "Login successful"
access_token=$(echo "$response" | jq -r '.access_token')
else
echo "Login failed: $response"
exit 1
fi
Typical flow:
Token lifespan:
Full Supabase Auth API documentation: https://supabase.com/docs/guides/auth